Deciding How to Implement DNS Forwarding
NIS servers can forward DNS requests made from Solaris 1.x NIS clients. NIS+ servers running in NIS-compatibility mode also provide DNS forwarding, starting with the Solaris 2.3 releases. (This feature is available in the Solaris 2.2 release patch #101022-06.) As a result, NIS clients, running under the Solaris 2 or Solaris 9 operating environment, must have appropriate /etc/nsswitch.conf and /etc/resolv.conf files installed locally.
Solaris 1.x NIS clients supported by Solaris 2.0 or 2.1 servers running in NIS-compatibility mode are not able to take advantage of DNS forwarding. You must upgrade those servers to Solaris 2.3 releases.
If the DNS domains are repartitioned, you must redefine new DNS zone files. Clients, however, may require updates to their /etc/resolv.conf file. A client, if it is also a DNS client, can set up its name service switch configuration file to search for host information in either DNS zone files or NIS maps--in addition to NIS+ tables.
DNS Forwarding for NIS+ Clients
NIS+ clients do not have implicit DNS-forwarding capabilities like NIS clients do. Instead, they take advantage of the name service switch. To provide DNS capabilities to an NIS+ client, change its hosts entry to:
hosts: nisplus dns [NOTFOUND=return] files |
DNS Forwarding for NIS Clients Running under the Solaris 2 or Solaris 9 Operating Environment
If an NIS client is using the DNS forwarding capability of an NIS-compatible NIS+ server, the client's nsswitch.conf file should not have the following syntax in the hosts file:
hosts: nis dns files |
Since DNS-forwarding automatically forwards host requests to DNS, this syntax causes both the NIS+ server and the name service switch to forward unsuccessful requests to the DNS servers, slowing performance.
NIS and NIS+ Command Equivalents in the Solaris 1, Solaris 2, and Solaris 9 Releases
The tables in this section give a quick overview of the differences between NIS commands running in the Solaris 1 operating environment, NIS commands running in the Solaris 2 or Solaris 9 operating environment, and their NIS+ equivalents.
Table 26-10 describes which NIS commands are supported in the Solaris 2 and Solaris 9 releases.
Table 26-11 and Table 26-12 describe the NIS+ equivalents to NIS client and server commands in the Solaris 2 and Solaris 9 releases.
Table 26-13 contains a list of the NIS application programming interface functions and their NIS+ API equivalents, if they exist. See the appropriate man pages for details.
NIS Commands Supported in the Solaris 2 and Solaris 9 Releases
Only some NIS commands are supported in the Solaris 2 and Solaris 9 releases. NIS server commands are not shipped with the Solaris 2 and Solaris 9 releases. Only the NIS client commands are included. Whether these NIS commands run also depends on whether a Solaris 2 or Solaris 9 NIS client is making requests of an NIS server or of an NIS+ server in NIS-compatibility mode. NIS clients cannot make updates to NIS+ servers that are running in NIS-compatibility mode. For example, such clients cannot run the chkey and newkey commands. Table 26-10 lists the NIS commands supported in the Solaris 2 and Solaris 9 operating environments.
Table 26-10 NIS Commands Supported in the Solaris 2 and Solaris 9 Operating Environments
Command Type | NIS Commands Supported in the Solaris 2 and Solaris 9 Operating Environments | NIS Commands Not Supported in the Solaris 2 and Solaris 9 Operating Environments |
|---|---|---|
Utilities | ypinit ypxfr ypcat ypmatch yppasswd ypset ypwhich | yppush yppoll ypchsh ypchfn ypmake |
Daemons | ypbind | ypserv ypxfrd rpc.ypupdated rpc.yppasswdd |
NIS API | yp_get_default_domain() yp_bind() yp_unbind() yp_match() yp_first yp_next() yp_all() yp_master() yperr_string() ypprot_err() | yp_order() yp_update() |
Client and Server Command Equivalents
The two tables in this section contain NIS commands and their approximate NIS+ equivalents. The commands have been divided into two categories: Table 26-11 contains name service client commands and Table 26-12 contains name service server commands.
Client Command Equivalents
Table 26-11 shows client-to-name server commands. These commands are typed on name service client machines and request information of name service servers. The commands in column 1 run on Solaris 1, Solaris 2 or Solaris 9 NIS clients connected to Solaris 1 NIS servers. The commands in column 2 run on Solaris 1, Solaris 2, or Solaris 9 NIS clients connected to Solaris 2 or Solaris 9 NIS+ servers running in NIS-compatibility mode. The commands in column 3 only run on Solaris 2 or Solaris 9 NIS+ clients connected to Solaris 2 or Solaris 9 NIS+ servers. Commands are approximately equivalent across rows. "N/A" indicates that an equivalent command does not exist for that case.
Table 26-11 NIS Client Commands and Equivalent NIS+ Commands
SunOS 4.x NIS Server | NIS+ Server in NIS-Compatibility Mode | NIS+ Server |
|---|---|---|
ypwhich -m | ypwhich -m | niscat -o org_dir |
ypcat | ypcat | niscat |
ypwhich | ypwhich | N/A |
ypmatch | ypmatch | nismatch/nisgrep |
yppasswd | passwd | passwd |
ypbind | ypbind | N/A |
yppoll | N/A | N/A |
ypset | ypset | N/A |
N/A | ypinit -c | nisclient -c |
Note that:
In the Solaris 2.5 release, the passwd command should be used regardless of NIS or NIS+ status. The functions previously performed by nispasswd and yppasswd have now been included in the passwd command.
The ypinit -c command is available only on Solaris 2 or Solaris 9 NIS clients.
The ypcat command is not supported for queries directed to the netgroup table. The NIS client's request times out before an answer is received because this table's format is so different from the netgroup NIS map's format.
Server Command Equivalents
Table 26-12 shows name server-to-name server commands. The NIS server commands are not included in the Solaris 2 or Solaris 9 releases, so they are not available to either NIS+ servers or NIS+ servers in NIS-compatibility mode. In addition, an NIS server cannot make updates to an NIS+ server, nor can an NIS+ server make updates to an NIS server. Column 3 lists the NIS+ server commands that are equivalent to the NIS server commands in column 1. Servers in NIS-compatibility mode have no exact equivalents because NIS-compatibility mode refers only to client commands.
Table 26-12 NIS Server Commands and Equivalent NIS+ Commands
SunOS 4.x NIS Server | NIS+ Server in NIS-Compatibility Mode | NIS+ Server |
|---|---|---|
ypxfr | N/A | N/A |
makedbm | N/A | nisaddent |
ypinit -m ypinit -s | N/A | nisserver |
ypserv | rpc.nisd -Y | rpc.nisd |
ypserv -d | rpc.nisd -Y -B | No DNS forwarding needed; use /etc/nsswitch.conf |
ypxfrd | N/A | N/A |
rpc.ypupdated | N/A | N/A |
rpc.yppasswd | rpc.nispasswdd | rpc.nispasswdd |
yppush | N/A | nisping |
ypmake | N/A | nissetup, nisaddent |
ypxfr | N/A | N/A |
NIS and NIS+ API Function Equivalents
To completely convert your site to NIS+, you must both change the name service and port all applications to NIS+. Any internally created applications that make NIS calls have to be modified to use NIS+ calls. Otherwise, you always have to run your NIS+ servers in NIS-compatibility mode, with all the drawbacks that this mode entails. External applications may force you to run your namespace in NIS-compatibility mode until they are updated, as well.
Table 26-13 contains a list of the NIS API functions and their NIS+ API equivalents, if they exist.
Table 26-13 NIS API and NIS+ API Equivalent Functions
NIS API Functions | NIS+ API Functions |
|---|---|
yp_get_default_domain() | nis_local_directory() |
ypbind() | N/A |
ypunbind() | N/A |
ypmatch() | nis_list() |
yp_first() | nis_first_entry() |
yp_next() | nis_next_entry() |
yp_all() | nis_list() |
yp_master() | nis_lookup() |
yperr_string() | nis_perror() nis_sperrno() |
ypprot_err() | nis_perror() nis_sperrno() |
yp_order() | N/A |
yp_update() | nis_add_entry(), nis_remove_entry(), nis_modify_entry() |
NIS-Compatibility Mode Protocol Support
Table 26-14 shows which NIS protocols are supported by NIS+ servers in NIS- compatibility mode.
Table 26-14 Support for NIS Protocols by NIS+ Servers
NIS Protocols | Compatibility Description |
|---|---|
NIS client V2 protocol | Supported |
NIS server-to-server protocol | Unsupported |
NIS client update protocol | yppasswd protocol supported |
NIS client V1 protocol | Not supported except for YPPROC_NULL, YPPROC_DOMAIN, and YPPROC_DOMAIN_NONACK |